Migrate ORDS & Apex from OCI-C to OCI VMDB


In OCI-C ORDS and Apex is installed by default but in OCI to keep things lightweight ORDS and Apex is not bundled on VMDB systems. If you are migrating a DB from OCI Classic to OCI then you need to migrate Apex and ORDS manually. In this tutorial we will migrate both components after doing a migration of the Database


Steps in OCI-C (Source)

  1. Log in with Oracle user and tar the binaries for ORDS and Apex. In OCI-C ORDS and Apex resides in path ‘/u01/app/oracle/product’

$ sudo su oracle

$ cd /u01/app/oracle/product

$ tar cvf apex_prod.gz apex/

$ tar cvf ords_prod.gz ords/

  1. FTP the files out of OCI-C and copy to Target OCI Gen2 Instance
  2. Make a Physical clone of the DB using a tool like ZDM or manually with RMAN

Steps IN OCI (Target)

sudo chown oracle:oinstall *.gz

  1. Untar files to directory ‘/u01/app/oracle/product/’

$ sudo tar xvf ords_prod.gz -C /u01/app/oracle/product/

$ sudo tar xvf apex_prod.gz -C /u01/app/oracle/product/

  1. Configure ORDS Apex for New OCI Host
  • Check for hostname and service name entry in file. We have to change these as the target hostname and service name are different in OCI Gen2 –

$ cd /u01/app/oracle/product/ords

$ grep -Erni ‘PROD.1111111.oraclecloud.internal’

$ grep -Erni ‘classichost.compute-1111111.oraclecloud.internal’

Change the strings to new OCI hostname and service name in the files listed above (You can leave out the log files)

  1. Check if java is installed, if not install JDK

$ java -version

  1. Create Self-Signed SSL certificates for new host

$ hostname

ocigen2.sub111111111.ivl.oraclevcn.com

$ cd /u01/app/oracle/product/ords/conf/ords/standalone/

$ mkdir certs

$ cd certs

— Create a self-signed certificate with openssl utility the above hostname as the CName and modify other attributes according to your need

$ openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -subj ‘/CN=ocigen2.sub111111111.ivl.oraclevcn.com’

This will create 2 files key.pem and cert.pem

— Convert the key.pem to its der file as below:
$ openssl pkcs8 -topk8 -inform PEM -outform DER -in key.pem -out key.der -nocrypt

— Similarly convert cert.pem to its crt file
$ openssl x509 -outform der -in cert.pem -out cert.crt

— Edit standalong.properties file and add the new key and der file and restart ORDS

$ vi /u01/app/oracle/product/ords/conf/ords/standalone/standalone.properties

ssl.cert=/u01/app/oracle/product/ords/conf/ords/standalone/certs/cert.crt
ssl.cert.key=/u01/app/oracle/product/ords/conf/ords/standalone/certs/key.der
standalone.context.path=/ords
standalone.static.context.path=/i
standalone.static.do.not.prompt=true
standalone.scheme.do.not.prompt=true
jetty.port=8080
jetty.secure.port=8181
ssl.host=ocigen2.sub111111111.ivl.oraclevcn.com
standalone.doc.root=/u01/app/oracle/product/ords/conf/ords/standalone/doc_root

Save and exit

  1. Start ORDS

— Stop if already running —
$ ps -ef | grep ords.war

$ kill -9

$ cd /u01/app/oracle/product/ords

$ java -jar ords.war

— Put it in background in Background–
ctrl-z^

$ bg

  1. Install firewalld and create port forwarding of ORDS port 8181 to 443 and allow the port

–Enable YUM on OCI VMDB node, as it is not enabled by default —
$ curl -s http://169.254.169.254/opc/v1/instance/ |grep region
$ wget https://swiftobjectstorage.ap-sydney-1.oraclecloud.com/v1/dbaaspatchstore/DBaaSOSPatches/oci_dbaas_ol7repo -O /tmp/oci_dbaas_ol7repo
$ wget https://swiftobjectstorage.ap-sydney-1.oraclecloud.com/v1/dbaaspatchstore/DBaaSOSPatches/versionlock_ol7.list -O /tmp/versionlock.list
$ sudo cp /tmp/oci_dbaas_ol7repo /etc/yum.repos.d/ol7.repo
$ sudo cp /etc/yum/pluginconf.d/versionlock.list /etc/yum/pluginconf.d/versionlock.list-date +%Y%m%d
$ sudo cp /tmp/versionlock.list /etc/yum/pluginconf.d/versionlock.list
$ sudo yum update

— Install Firewalld and create port rules —
$ sudo yum install firewalld
$ sudo firewall-cmd –zone=public –list-all
$ sudo systemctl start firewalld
$ sudo firewall-cmd –zone=public –list-all
$ sudo firewall-cmd –zone=public –add-port 443/tcp
$ sudo firewall-cmd –zone=public –add-port 8181/tcp
$ sudo firewall-cmd –add-forward-port=port=443:proto=tcp:toport=8181
$ sudo firewall-cmd –runtime-to-permanent
$ sudo systemctl restart firewalld
$ sudo firewall-cmd –zone=public –list-all

  1. Allow Port 443 to be accessed in the Security List or NSG of your VCN Subnet and NSG attached to DB

If you have executed all the steps correctly and everything was OK then you should be abe to access your Apex URL using the new DB HOST IP or Hostname in case you are using a Custom domain name

Since we installed ORDS Schema in CDB the URL will be like below :

Category: ApexCloudDatabaseOracle

Tags:

Leave a Reply

Article by: Shadab Mohammad